- Fixed: Vulnerability with timestamp field on UM Forms

- changed readme;
nikitasinelnikov
2020-12-04 00:10:20 +02:00
parent a222a3a508
commit 67420b11b0
8 changed files with 16 additions and 10 deletions
+1 -1
@@ -2366,7 +2366,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
$output .= '<div ' . $this->get_atts( $key, $classes, $conditional, $data ) . '>';
if ( isset( $data['label'] ) ) {
$data['label'] = __( $data['label'], 'ultimate-member' );
$output .= $this->field_label( sprintf( __( 'Confirm %s', 'ultimate-member' ), $data['label'] ), $key, $data );
+1 -3
@@ -81,9 +81,7 @@ if ( ! class_exists( 'um\core\GDPR' ) ) {
*/
function email_registration_data( $submitted ) {
if ( ! empty( $submitted['use_gdpr_agreement'] ) ) {
$timestamp = ! empty( $submitted['timestamp'] ) ? $submitted['timestamp'] : $submitted['use_gdpr_agreement'];
$submitted['GDPR Applied'] = date( "d M Y H:i", $timestamp );
$submitted['GDPR Applied'] = date( "d M Y H:i", $submitted['use_gdpr_agreement'] );
unset( $submitted['use_gdpr_agreement'] );
}
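Review bot: `date()` on the new line still receives `$submitted['use_gdpr_agreement']` with no type or range check, and `$submitted` is form-submission data. Whether that key is overwritten with a server-side time before this function runs is not visible in the hunk; if it is not, this is the same class of problem the commit removes for `timestamp`, and a non-numeric value makes `date()` throw a TypeError on PHP 8. I would normalise it first, e.g. `$applied = absint( $submitted['use_gdpr_agreement'] );` then `$submitted['GDPR Applied'] = date( 'd M Y H:i', $applied ? $applied : current_time( 'timestamp' ) );`, and add a comment saying where the value is set. The body of email_registration_data continues past the end of the hunk.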
+1 -1
@@ -1228,7 +1228,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
* Set last login for new registered users
*/
function set_last_login() {
update_user_meta( $this->id, '_um_last_login', current_time( 'timestamp' ) );
update_user_meta( $this->id, '_um_last_login', current_time( 'timestamp' ) );
}
-2
@@ -24,8 +24,6 @@ function um_add_security_checks( $args ) {
return;
} ?>
<input type="hidden" name="timestamp" class="um_timestamp" value="<?php echo esc_attr( current_time( 'timestamp' ) ) ?>" />
<p class="<?php echo esc_attr( UM()->honeypot ); ?>_name">
<label for="<?php echo esc_attr( UM()->honeypot ) . '_' . $args['form_id']; ?>"><?php _e( 'Only fill in if you are not human' ); ?></label>
<input type="hidden" name="<?php echo esc_attr( UM()->honeypot ); ?>" id="<?php echo esc_attr( UM()->honeypot ) . '_' . $args['form_id']; ?>" class="input" value="" size="25" autocomplete="off" />
+6
@@ -386,6 +386,12 @@ function um_submit_form_register( $args ) {
}
$args['submitted'] = array_merge( $args['submitted'], $credentials );
// set timestamp
$timestamp = current_time( 'timestamp' );
$args['submitted']['timestamp'] = $timestamp;
$args['timestamp'] = $timestamp;
$args = array_merge( $args, $credentials );
//get user role from global or form's settings
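Review bot: The server-side timestamp is assigned only on the registration path here, while the hidden `timestamp` input was removed from `um_add_security_checks`, which appears to render for forms generally. Any other handler that reads `$args['submitted']['timestamp']` would then see either nothing or whatever the request posted; those handlers are not visible in this commit, so that should be confirmed, and dropping a posted `timestamp` key at the common submit entry point would cover every form mode. The added lines also deserve a comment stating the intent, e.g. `// Server-side value only: a posted 'timestamp' must never be trusted.` Note too that `current_time( 'timestamp' )` returns a site-offset value rather than a true Unix timestamp, which matches the removed field but should be documented for consumers. um_submit_form_register starts and ends outside the hunk.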
+5 -1
@@ -6,7 +6,7 @@ Donate link:
Tags: community, member, membership, user-profile, user-registration
Requires PHP: 5.6
Requires at least: 5.0
Tested up to: 5.5.1
Tested up to: 5.6
Stable tag: 2.1.12
License: GNU Version 2 or Any Later Version
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -167,6 +167,10 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
- Fixed: Upgrade process on websites where a hosting locks the frequent AJAX requests (added default JS throttle between requests)
- Fixed: Getting page content of the GDPR privacy policies
- Fixed: Password strength validation for Unicode symbols
- Fixed: Issue with apostrophe options in the multiselect/checkbox fields (#689)
- Fixed: Translation for Password field's label
- Fixed: Download Personal Data URL
- Fixed: Vulnerability with timestamp field on UM Forms
* Tweaks:
+1 -1
@@ -135,7 +135,7 @@ if ( ! is_user_logged_in() ) {
* }
* ?>
*/
do_action( "um_after_form", $args ); ?>
do_action( 'um_after_form', $args ); ?>
</form>
+1 -1
@@ -3,7 +3,7 @@
Plugin Name: Ultimate Member
Plugin URI: http://ultimatemember.com/
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
Version: 2.1.13-beta1
Version: 2.1.13-rc.1
Author: Ultimate Member
Author URI: http://ultimatemember.com/
Text Domain: ultimate-member